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Question: 1 


Which statement about Cisco Identity Services Engene high availability is true? 


A. Monitoring nodes are deployed m an active/active mode. One node serves as primary. All logs are 
sent automatically to both HA monitoring nodes. 

B. Administration nodes are limited to two and are deployed in an active/standby mode. 

C. Secondary Administrate node automatically becomes primary in the event of primary node failure. 
D. Monitoring nodes are deployed in an active/standby mode. All logs sent to the primary are 
replicated to the secondary node. 

E. Users are served from the secondary Monitoring node only if the active Monitoring node fails. 


Answer: D 


Question: 2 


Which types of design are required in the Cisco ISE ATP program? 


A. schematic and detailed 

B. preliminary and final 

C. high-level and low-level designs 
D. top down and bottom up 


Answer: C 


Question: 3 


Each node can have a different persona and associated services with that persona. Which persona 
cannot run with other personas on the same Cisco Identity Services Engine node? 


A. Inline Policy Service 
B. Administration 

C. Monitoring 

D. Policy Service 


Answer: A 


Question: 4 


Which external identity sources are not supported on Cisco ISE 1.0? 
A. Sun ONE LDAP Directory Server 


B. Microsoft Active Directory 
C. RSA Authentication Manager 
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D. Novell NDS 


Answer: D 


Question: 5 


Which two roles can be deployed across more than two nodes in an instance? (Choose two.) 


A. Monitoring 

B. Administration 
C. Inline Posture 
D. Pokey Service 


Answer: AB 


Question: 6 


Which RADIUS extension is required for posture and profiling support? 


A. ARAP 
B. VSA 

C. CoA 

D. EAPOL 


Answer: C 


Question: 7 


Which methods can be used to create usernames? 


A. general or random 

B. RFC2381or IEEE 1493 
C. Knopf or WS naming 
D. manual or Ruby 


Answer: A 


Question: 8 


Which option is the default authentication priority on a Cisco switch? 


A. MAB, 802.1X, Web-Auth 
B. 802.1X, MAB, Web-Auth 
C. MAB Web-Auth, 802.1X 
D. 802.1X, Web-Auth, MAB 
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Answer: B 


Question: 9 


Which statement about Inline Posture node deployment support is true? 


A. The Inline Posture node is supported on VMware ESX 4.1 but not on earlier versions ESX. 
B. The Inline Posture node is supported on any VMware/ESX/ESXi virtual appliance. 

C. The Inline Posture node is supported on the 1121. 3315. 3355, and 3395 appliance. 

D. The Inline Posture node is supported only on the 3315 3355, and 3395 appliances. 


Answer: C 


Question: 10 


Which appliance supports Cisco ISE 1.0? 


A. ACS 1120 Appliance 
B. VMWare ESX 3.5 

C. NAC 3390 Appliance 
D. NAC 3355 Appliance 


Answer: D 


Question: 11 


In the Cisco ISE ATP program, what must the sales team submit to begin the sales process? 


A. a new product-hold waiver 

B. high-level and low-level designs 

C. a preliminary design and a request for equipment release 
D. a high-level design and BoM 


Answer: B 


Question: 12 


When determining the number of endpoints for a user base, what is a good ratio for a starting point? 


A. 1-to-| 
B. 2-to-l 
C. 3-to-l 
D. 5-to-l 


Answer: C 
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Question: 13 


In a distributed deployment when co-locating the Administrator and Monitoring nodes on one 
appliance what is the maximum number of supported Policy Service nodes? 


A.5 
B. 10 
C.3 
D.1 
E. 40 


Answer: A 


Question: 14 


By default, which traffic does an 802.1X-enabled switch allow before authentication? 


A. all traffic 

B. no traffic 

C. traffic permitted in the port dACL on Cisco ISE 

D. traffic permitted in the default ACL on the switch 


Answer: D 


Question: 15 


Which two deployment methods are supported with Cisco ISE 1.0 with RADIUS NAC? 
(Choose two.) 


A. Unified Wireless 

B. HREAP - Local Switched 
C. HREAP - Central Switched 
D. Autonomous 


Answer: AC 


Question: 16 


Which function does the Cisco NAC Agent not perform? 


A. Windows updates 

B. launch remediation program 

C. antivirus or antispyware definition updates 
D. Macintosh updates 
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Answer: D 
Question: 17 
Which scenario does not support Cisco ISE guest services? 
A. wired NAD with local WebAuth 
B. wireless LAN controller with central WebAuth 
C. wireless LAN controller with local WebAuth 
D. wired NAD with central WebAuth 
Answer: B 


Question: 18 


Which statement about Change of Authorization and Inline Posture node is not true? 


A. Inline Posture node supports Layer 3 mode (router mode). 

B. Inline Posture node supports Layer 2 mode (bridge mode). 

C. All Cisco devices support Change of Authorization. 

D. Inline Posture node is used to provide Change of Authorization functionality on devices that lack 
native Change of Authorization support 


Answer: C 


Question: 19 


Which option does the Cisco ISE guest service not provide? 


A. support for local WebAuth and central WebAuth 

B. integrated authentication support for guest and nonguest accounts 
C. auto-population of login username for self-service registration 

D. email or SMS with credentials created by Admin registration 


Answer: C 


Question: 20 


Which Cisco ISE node does not support automatic failover? 


A. Inline Posture node 
B. Monitoring node 

C. Policy Services node 
D. Admin node 
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Answer: D 


Question: 21 


What is the maximum number of endpoints supported on 3315/3355/3395 providing all Cisco BE 
services respectively? 


A. 5000/1000/50000 
B. 3000/6000/10000 
C. 2000/4000/8000 
D. 1000/2000/5000 
E. 4000/8000/15000 


Answer: B 


Question: 22 


Which statement is true? 


A. A Cisco ISE Advanced license is perpetual in nature. 

B. A Cisco ISE Advanced license can be installed on top of a Base and/or Wireless license. 
C. A Cisco ISE Wireless license can be installed on top of a Base and/or Advanced license. 
D. A Cisco ISE Advanced license can be used without any Base licenses. 


Answer: B 


Question: 23 


At which OSI layer does WebAuth operate? 


A. Layer 2 
B. Layer 1 
C. Layers 4 and 7 in combination 
D. Layer 3 
E. Layer 4 


Answer: C 


Question: 24 


What n the maximum number of supported endpoints on an appliance in stand-alone mode? 


A. 5,000 
B. 7,500 
C. 10,000 
D. 2,000 
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Answer: D 


Question: 25 


Which Cisco ISE deployment models support profiling? 


A. Wireless WPA Enterprise TKIP SSIDs 
B. Inline Posture nodes 

C. Cisco Adaptive Security Appliance 
D. Wireless WPA2 Personal AES SSIDs 


Answer: B 


Question: 26 


In which scenario does Cisco ISE allocate an Advanced license? 


A. guest services with dACL enforcement 

B. endpoint authorization using SGA enforcement 
C. dynamic device profiling 

D. high availability Administrator nodes 


Answer: C 


Question: 27 


Which two configurations are acceptable for base and advanced licenses? (Choose two) 


A. no base licenses, 750 advanced licenses 
B. 1000 base license, 500 advanced licenses 
C. 1500 base license, no advanced license 
D. 250 base licenses, 500 advanced licenses 


Answer: BC 


Question: 28 


Which existing platforms support data migration to Cisco ISE 1.0? 


A. NAC4.X 
B. ACS 4.X 
C. NAC 3.X 
D. ACS 5.X 
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Answer: A 


Question: 29 


What is the maximum number of support endpoints supported in a Cisco ISE deployment? 


A. 50 endpoints 

B. 100 K endpoints 

C. 80 K endpoints 

D. 200 K endpoints 

E. 1 Million endpoints 


Answer: B 


Question: 30 


What is the maximum syslog rate for the monitoring node without any drop with appreciable 
latency? 


A. 500 messages/sec 

B. 1000 messages/sec 
C. 2000 messages/sec 
D. 5000 messages/sec 


Answer: B 
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